Remove These Applications from your Android Device, else they will harm you | Trojan Applications

The Android ecosystem has encountered a new batch of viruses that hide in applications. Nine of these were available on the Google Play Store until recently. A new study from a cybersecurity firm has revealed that there were 10 such apps that were found to be laced with a trojan virus. Some of these apps have been downloaded 5 million times. While Google Play Store may have removed these apps, users who might have downloaded the apps should also delete them from their device in order to steer clear from any further compromise.

A cybersecurity service provider, DrWeb has published a new report showcasing the discovery of malicious apps on the Google Play Store that steal Facebook users’ logins and passwords. The report suggests that these stealer trojans were spread as harmless software and were installed more than 5,856,010 times.

According to the report, the applications were fully functional when they were first downloaded. This caused users to drop their guard against any potential harm. Once the app was in use, the applications offered users some extra benefits if users logged into their Facebook accounts. One of the benefits was to disable in-app ads. The advertisements inside some of the apps were indeed present, and this maneuver was intended to further encourage Android device owners to perform the required actions.

If users agreed and clicked the log-in button, they saw a standard social network login form.

According to the DrWeb report, these trojans then used a special mechanism to trick their victims. After receiving the necessary settings from one of the command-and-control (C&C) servers upon launch, they loaded the legitimate Facebook web page https://www.facebook.com/login.php into WebView. Next, they loaded JavaScript received from the C&C server into the same WebView. This script was directly used to highjack the entered login credentials.

After that, this JavaScript, using the methods provided through the JavascriptInterface annotation, passed stolen login and password to the trojan applications, which then transferred the data to the attackers’ C&C server. After the victim logged into their account, the trojans also stole cookies from the current authorization session. Those cookies were also sent to cybercriminals.

The report further claims that the malicious programs received settings for stealing logins and passwords of Facebook accounts. However, the attackers could have easily changed the trojans’ settings and commanded them to load the web page of another legitimate service. They could have even used a completely fake login form located on a phishing site. Thus, the trojans could have been used to steal logins and passwords from any service.

Below is the list of Applications that have hidden Trojan Virus

  • Processing Photo by the developer chikumburahamilton
  • App Lock Keep from the developer Sheralaw Rence
  • Rubbish Cleaner from the developer SNT.rbcl
  • Horoscope Daily from the developer HscopeDaily momo
  • Horoscope Pi from the developer Talleyr Shauna
  • App Lock Manager from the developer Implummet col
  • Lockit Master from the developer Enali mchicolo
  • Inwell Fitness from the developer Reuben Germaine
  • PIP Photo by the developer Lillians
Diwakar

About author
A Computer Science Graduate. I am a normal person with abnormal ideas.
"Create the difference and be the change you want to see."
View all posts